CVE-2022-34305 Tomcat versions 10.1.0 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 do not filter user-provided data, which exposes an XSS vulnerability.
This has been fixed in these versions. Apache Tomcat 9.0.0-M1, 8.5.0-8, 8.0.18, 7.x versions and earlier are vulnerable.
CVE-2022-32973 An attacker could create an audit file to bypass PowerShell cmdlet checks and execute commands with administrator privileges.
This can be done by injecting malicious code into the PowerShell audit policy configuration or by using a crafted audit policy that is signed by
CVE-2022-33995 An issue in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location.
An attacker can leverage this vulnerability to perform remote code execution. Remote attackers can host malicious DLLs in the server’s entry attachments and convince
CVE-2022-26668 ASUS Control Center API has a broken access control vulnerability
The security risk is estimated as high, due to the fact that the underlying system software stack is usually heavily administrated by system administrators. The
CVE-2022-30173 - Microsoft Excel Remote Code Execution Vulnerability — Explained, Tested & Exploited
Microsoft Excel is a staple in millions of businesses and homes. But in 2022, a dangerous security hole—CVE-2022-30173—was discovered in this widely used